
High-Order Collision Attack Vulnerabilities in Montgomery Ladder Implementations of RSA

Conference paper, in: Security, Privacy, and Applied Cryptography Engineering (SPACE 2023)

Abstract

This paper describes a straightforward methodology for mounting a specific kind of single-trace attack, the collision attack. We first introduce the methodology (which operates at the algorithmic level) and then provide empirical evidence of its soundness by locating the points of interest involved in all existing collisions and then attacking an unmasked RSA implementation whose modular exponentiation is based on the Montgomery Ladder. The attacks we performed, albeit slightly worse than the theoretical prediction, are very encouraging nonetheless: the whole secret exponent can be retrieved (i.e., a success rate equal to 100%) using only 10 traces. Lastly, we describe how this could allow for the introduction of high-order attacks, which are known to break some protected implementations of symmetric cryptography, in the context of asymmetric cryptography.


Notes

  1. Their leakage assessment works for their specific target only.

  2. As it turns out, symmetric and asymmetric cryptography behave differently in this respect. In the symmetric case, the confusion introduced by the likes of S-Boxes makes collisions probabilistic. In the RSA case, collisions happen with probability equal to either 0 or 1, meaning that the value of the part of the secret being processed directly determines whether there is a collision. Theoretically, a single execution of the modular exponentiation is therefore enough to recover the whole exponent.

  3. Other internal variables have been suggested as well, yet in the end, it all boils down to finding whether the input message is involved in certain operations.

  4. Although it is not mentioned in the paper, their technique can be extended to the Montgomery Ladder using their forward estimation method. This amounts to comparing, for a pair chosen according to the guideline they provide, the squaring done in the first iteration which processes the input message (the corresponding bit is equal to 1) and the one carried out for the bit which is currently unknown. As in the paper, the estimation of a given exponent bit requires that all the preceding ones be known, so an error on index j affects all the following indices.

  5. However, we acknowledge that, unlike the OTA, our methodology is not portable. In fact, in collision attacks (to which OTA belongs to some extent) at least, there seems to be a balance to find between portability and the cost of profiling. The authors of [2] appear to have chosen to prioritize portability by making the template building phase “online”. Therefore, each attack requires a profiling phase. We have decided to proceed differently. Our attack is not portable, but on the plus side, profiling needs to be done only once. Consequently, the more keys an attacker targets for a given pair (board, software), the better our methodology gets with respect to OTA, which requires one template per scalar bit every time.

  6. The authors report using 5000 traces yet do not provide any success rate.

  7. For instance, we claim that our contribution, which comprises only two steps and does not require any error correction, is somewhat simpler. Moreover, in addition to the vulnerability mentioned there, we describe another one which happens in the processing of a single bit.

  8. This is especially so for the STM32F407 board, which we used for this paper and which is arguably noisier than other commonly targeted platforms such as ChipWhisperer.

  9. This sum is assumed to be equal to zero when it is empty.

  10. Our mathematical derivation is a reformulation of the one available in the original paper.

  11. Therefore, at the beginning of each iteration of the loop, the following is always true: \(R_1=g\cdot R_0\).

  12. Countermeasures which shuffle the order of the operations do not remove the first-order vulnerabilities since the collisions still exist. An attacker who is able to detect \(\gamma _s\) and \(\gamma _t\) irrespective of their position in the trace may proceed as previously described. As such, these are not taken into consideration here.

  13. Changes between the two possible values for \(d_j\) have been highlighted in .

  14. This could, in turn, render the usual ‘randomization’ countermeasures ineffective against high-order collision attacks. This latter point will be expanded on in a future paper. For the time being, only exponent blinding can prevent the attacks analyzed in this paper.

  15. If it is a destination, then it has just changed. This runs counter to Definition 2.

  16. Same justification as before, since both \(R_0\) and \(R_1\) get overwritten in an iteration of the loop.

  17. The span of a given instant in the executions covers about 3 samples, which is less than a CPU cycle.

  18. During an attack, since the values for such models are unknown, NICV cannot be used. It can only be used during the profiling phase, not the exploitation phase.

  19. The timing diagrams indicate that \(g^{2\cdot 0}=1\) should be discussed as well. However, since it is a constant, it is not possible to analyze the variations for these samples in the traces. As a consequence, we discarded it.

  20. In fact, since the two variables (\(R_0\), \(R_1\)) are treated one at a time by the hardware, there will be an offset (a few cycles) between the sets of peaks related to both numerical models. The peaks will always be distinct.

References

  1. Aldaya, A.C., García, C.P., Tapia, L.M.A., Brumley, B.B.: Cache-timing attacks on RSA key generation. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019, 213–242 (2018). https://doi.org/10.13154/tches.v2019.i4.213-242

  2. Batina, L., Chmielewski, L., Papachristodoulou, L., Schwabe, P., Tunstall, M.: Online template attacks. J. Cryptogr. Eng. 9, 21–36 (2017). https://doi.org/10.1007/s13389-017-0171-8

  3. Bauer, A., Jaulmes, E., Prouff, E., Wild, J.: Horizontal and vertical side-channel attacks against secure RSA implementations. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 1–17. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36095-4_1

  4. Benadjila, R., Prouff, E., Strullu, R., Cagli, E., Dumas, C.: Deep learning for side-channel analysis and introduction to ASCAD database. J. Cryptogr. Eng. 10(2), 163–188 (2020). https://doi.org/10.1007/s13389-019-00220-8

  5. Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: NICV: normalized inter-class variance for detection of side-channel leakage. In: EMC, Tokyo, Japan (2014). https://hal.telecom-paris.fr/hal-02412040

  6. Bruneau, N., Carlet, C., Guilley, S., Heuser, A., Prouff, E., Rioul, O.: Stochastic collision attack. IEEE Trans. Inf. Forensics Secur. 12(9), 2090–2104 (2017). https://doi.org/10.1109/TIFS.2017.2697401

  7. Carbone, M., et al.: Deep learning to evaluate secure RSA implementations. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 132–161 (2019). https://doi.org/10.13154/tches.v2019.i2.132-161

  8. Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 46–61. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17650-0_5

  9. Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48059-5_25

  10. Dupaquis, V., Venelli, A.: Redundant modular reduction algorithms. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 102–114. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-27257-8_7

  11. Fouque, P.A., Valette, F.: The doubling attack – why upwards is better than downwards. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 269–280. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45238-6_22

  12. Hanley, N., Kim, H.S., Tunstall, M.: Exploiting collisions in addition chain-based exponentiation algorithms using a single trace. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 431–448. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16715-2_23 ISBN: 978-3-319-16715-2

  13. Heyszl, J., Ibing, A., Mangard, S., De Santis, F., Sigl, G.: Clustering algorithms for non-profiled single-execution attacks on exponentiations. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 79–93. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08302-5_6 ISBN: 978-3-319-08302-5

  14. Homma, N., Miyamoto, A., Aoki, T., Satoh, A., Shamir, A.: Collision-based power analysis of modular exponentiation using chosen-message pairs. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 15–29. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85053-3_2 ISBN: 978-3-540-85053-3

  15. Jajodia, S., van Tilborg, H.C.: Encyclopedia of Cryptography and Security. Springer, New York (2011). https://doi.org/10.1007/978-1-4419-5906-5. ISBN: 038723473X

  16. Joye, M., Yen, S.-M.: The Montgomery powering ladder. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_22

  17. Knuth, D.E.: The Art of Computer Programming, Volume 2: Seminumerical Algorithms. Addison-Wesley (1981)

  18. Micheli, G.D., Heninger, N.: Recovering cryptographic keys from partial information, by example. Cryptology ePrint Archive, Paper 2020/1506 (2020). https://eprint.iacr.org/2020/1506

  19. Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48(177), 243–264 (1987). https://doi.org/10.1090/S0025-5718-1987-0866113-7

  20. Moradi, A., Mischke, O., Paar, C., Li, Y., Ohta, K., Sakiyama, K.: On the power of fault sensitivity analysis and collision side-channel attacks in a combined setting. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 292–311. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_20 ISBN: 978-3-642-23951-9

  21. Nascimento, E., Chmielewski, Ł: Applying horizontal clustering side-channel attacks on embedded ECC implementations. In: Eisenbarth, T., Teglia, Y. (eds.) CARDIS 2017. LNCS, vol. 10728, pp. 213–231. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-75208-2_13

  22. Nascimento, E., Chmielewski, Ł, Oswald, D., Schwabe, P.: Attacking embedded ECC implementations through cmov side channels. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 99–119. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69453-5_6

  23. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9

  24. Perin, G., Chmielewski, L., Batina, L., Picek, S.: Keep it unsupervised: horizontal attacks meet deep learning. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(1), 343–372 (2020). https://doi.org/10.46586/tches.v2021.i1.343-372

  25. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978). https://doi.org/10.1145/359340.359342. ISSN: 0001-0782

  26. Schindler, W., Wiemers, A.: Power attacks in the presence of exponent blinding. J. Cryptogr. Eng. 4, 213–236 (2014). https://doi.org/10.1007/s13389-014-0081-y

  27. Scott, M.: MIRACL Core Cryptographic Library (2019). https://github.com/miracl/core

  28. Waddle, J., Wagner, D.: Towards efficient second-order power analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_1 ISBN: 978-3-540-28632-5

  29. Walter, C.D.: Sliding windows succumbs to big mac attack. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 286–299. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44709-1_24

  30. Witteman, M.F., van Woudenberg, J.G.J., Menarini, F.: Defeating RSA multiply-always and message blinding countermeasures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 77–88. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19074-2_6 ISBN: 978-3-642-19074-2

  31. Yen, S.-M., Ko, L.-C., Moon, S.J., Ha, J.C.: Relative doubling attack against Montgomery ladder. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 117–128. Springer, Heidelberg (2006). https://doi.org/10.1007/11734727_11 ISBN: 978-3-540-33355-5

Acknowledgements

This work has been funded by the French Ministry of Armed Forces through its Agence de l’Innovation de la Défense.

Author information
Corresponding author

Correspondence to Arnaud Varillon .

Appendices

A The Montgomery Ladder

Algorithm 1. Pseudocode for the Montgomery Ladder (RSA).
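The ladder the appendix refers to, written out as an added Python example (it is not the paper's own code or the content of Algorithm 1's figure). It computes \(g^d \bmod n\) with the Joye–Yen ladder [16], checks at every iteration the invariant stated in footnote 11 (\(R_1 = g\cdot R_0\)), and tracks the registers symbolically as powers of \(g\) so that the operand of each squaring and multiplication is visible at the algorithmic level, which is where the paper locates its points of interest. The function and key names (`montgomery_ladder`, `ladder_operands`, `first_divergence`, `"squared"`, `"product"`) and the sample base, exponent and modulus are assumptions made here for illustration.

```python
def montgomery_ladder(g: int, d: int, n: int) -> int:
    """RSA modular exponentiation g^d mod n using the Montgomery ladder
    (Joye and Yen, CHES 2002). Exponent bits are processed from the most
    significant one down; both registers are rewritten in every iteration
    (footnote 16), which is what gives the ladder its regular shape."""
    R0, R1 = 1, g % n
    for j in range(d.bit_length() - 1, -1, -1):
        # Invariant from footnote 11: R1 == g * R0 (mod n) at the start of
        # each iteration. It holds whichever branch was taken before.
        assert R1 == (g * R0) % n, "ladder invariant violated"
        bit = (d >> j) & 1
        if bit == 0:
            R1 = (R0 * R1) % n      # multiply
            R0 = (R0 * R0) % n      # square R0
        else:
            R0 = (R0 * R1) % n      # multiply
            R1 = (R1 * R1) % n      # square R1
    return R0


def ladder_operands(d: int) -> list:
    """Symbolic view of the same loop: at the start of iteration j the
    registers hold R0 = g^k and R1 = g^(k+1), where k is the integer formed
    by the exponent bits already processed. The squared operand is therefore
    g^k when d_j = 0 and g^(k+1) when d_j = 1, and the product is always
    g^(2k+1). Returned exponents are exponents of g, not residues."""
    k = 0
    steps = []
    for j in range(d.bit_length() - 1, -1, -1):
        bit = (d >> j) & 1
        squared = k + bit
        steps.append({
            "j": j,
            "bit": bit,
            "R0": k,
            "R1": k + 1,
            "squared": squared,          # operand of the squaring
            "square_result": 2 * squared,  # g^(2k) for d_j = 0, g^(2k+2) for d_j = 1
            "product": 2 * k + 1,        # R0 * R1
        })
        k = 2 * k + bit
    return steps


def first_divergence(d_a: int, d_b: int):
    """Index of the first iteration whose operands differ between two
    exponents of equal length, or None if the operand sequences coincide.
    Because the operand of each step is a deterministic function of the bits
    processed so far (footnote 2), the sequences agree up to the first
    differing bit and differ from there on."""
    a, b = ladder_operands(d_a), ladder_operands(d_b)
    for i, (sa, sb) in enumerate(zip(a, b)):
        if sa != sb:
            return i
    return None


if __name__ == "__main__":
    # Constructed sample values; any odd modulus > g works for the check.
    g, d, n = 7, 0b1011, 1000003
    assert montgomery_ladder(g, d, n) == pow(g, d, n)
    for step in ladder_operands(d):
        print(step)
    # Two exponents sharing their leading bit, as in the Fig. 6 comparison
    # of d = (10...)_2 versus d = (11...)_2: the first iteration is identical,
    # the second squares g^1 for the 0 bit and g^2 for the 1 bit.
    print(first_divergence(0b10, 0b11))  # -> 1
```

`ladder_operands` is the piece a defender can reuse: it enumerates, for a given exponent, exactly which intermediate powers are squared and multiplied in each iteration, which is the information needed to reason about whether two iterations share an operand (footnote 19's constant \(g^{2\cdot 0}\) and the \(g^{2x+2}\) line of Fig. 6 both appear as `square_result` entries). Exponent blinding, which footnote 14 names as the effective countermeasure, changes `d` on every execution and thereby changes this whole sequence.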

B Observing Collisions Involving \(g^2\)

Fig. 6. NICV on \(g^2[7:0]\) computed using 49152 traces (top: \(d=(10\ldots )_2\), bottom: \(d=(11\ldots )_2\)). All activity linked to the collision attack vulnerability on \(R_1\) (\(= g^2\), Fig. 2, \(g^{2x+2}\) line) is visible ( rectangles). As in Fig. 3, the difference between the two resulting traces (\(d_{j-1}\in \{0,1\}\)) exposes the collision attack vulnerability. (Color figure online)


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Varillon, A., Sauvage, L., Danger, JL. (2024). High-Order Collision Attack Vulnerabilities in Montgomery Ladder Implementations of RSA. In: Regazzoni, F., Mazumdar, B., Parameswaran, S. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2023. Lecture Notes in Computer Science, vol 14412. Springer, Cham. https://doi.org/10.1007/978-3-031-51583-5_9


  • DOI: https://doi.org/10.1007/978-3-031-51583-5_9


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-51582-8

  • Online ISBN: 978-3-031-51583-5

  • eBook Packages: Computer Science (R0)